TypeScript 7.0 became stable on July 8, 2026 — and for most of the tens of millions of professional web developers who depend on it daily, a single npm install -D typescript command now cuts build ...
TypeScript 7.0 release is now public, and Microsoft says the new version is production-ready after months of preview testing. The release follows TypeScript 6.0, which arrived in March 2026 and ...
Visual Studio Code 1.128 is out now. It's the latest weekly release and this time brings a handful of new features.
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Visual Studio Code (VS Code) has rapidly become one of the most popular code editors among developers worldwide. Its flexibility, ease of use, and robust features make it a go-to choice for everything ...
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.
Preview of new companion app allows developers to run multiple agent sessions in parallel across multiple repos and iterate on human and agent reviews. Visual Studio Code 1.115, the latest release of ...
Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
Anthropic PBC has accidently exposed the source code for its Claude Code command-line interface tool through a packaging error that led to the inclusion of sensitive ...
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...